Changes

Jump to: navigation, search

CA/WoSign Issues

382 bytes removed, 13:47, 20 September 2016
Remove questionable assertion
* This issue does not paint a picture of careful software development practices and quality assurance - having unused code around capable of issuing BR-violating certificates does not seem like responsible practice.
 
* WoSign assert that the fact that the cert was SHA-1 was a "SHA-1 parameter request" - i.e. the SHA-1-ness was caused by the requester. However, as we understand it, the request was the same as a request which produced a SHA-256 certificate from StartCom, except for the change of the API parameter. Therefore, the SHA-1-ness was WoSign's responsibility, not part of the request.
* The question of why StartCom was able to trigger certificate-issuance code which WoSign has stopped developing and maintaining is also still open.
Accountapprovers, antispam, confirm, emeritus
4,925
edits

Navigation menu